CSC 439 Computer Security

Karen Heart, MS, Instructor
kheart@depaul.edu
(312)362-1469

Syllabus

Summary of the course

This course covers core principles of computer security. Topics include : user authentication; access control (discretionary, mandatory, role-based); security auditing; database security; software security, common vulnerabilities, and secure coding practices; malicious software; and operating system security.

Textbooks and printed resources

Computer Security: Principles and Practice (3rd edition), W. Stallings and L.Brown. Pearson, 2015, ISBN 978-0-13-377392-7

Prerequisites

CSC 407

Office Hours

During classes, I will be online for office hours; please check D2L for times.

Assignments and Grading

Overview

There will be four (4) homework assignments, a Midterm Exam, and a Final Exam.

Sec. 1. Homework Assignments

The homework exercises are designed to reinforce learning the concepts covered in class. The exercises involve coding, scripting, use of security technology, and empirical study.
You should complete these exercises individually in order to maximize your benefit; however, you may discuss the problems with your classmates.
Each homework is worth ten (10) points. Moreover, I will devise some of the questions for the exams from these assignments.
The official platform for this course is single CPU Linux Mint, ver. 20.3, Mate edition., which is based on Ubuntu. You may also use any compatible version of Ubuntu/Debian.
Your exercise submissions will be graded only on this platform. You are responsible for securing a working Linux environment in order to test your work; however, I will supply specific instructions for downloading and installing it as a Virtual Machine (VM) using the Virtualbox hypervisor.
Due dates of assignments are posted on D2L. These dates are designed to both inform you of the rate at which the course progresses and assist you in keeping pace. Nonetheless, as a general rule, you may submit assignments late, to the Assistance Submissions folder, and no points will be deducted for tardiness; however, you must submit all of your work before the date the Final Exam is due. Please note that you may revise your work and resubmit it as often as you like, even after it has been graded so that you can ultimately earn full points for each assignment. If you submit (or resubmit) work late, you must also email me to let me know your work is in the Assistance Submissions folder and ready for grading. I DO NOT LOOK AT THE ASSISTANCE FOLDER UNLESS AND UNTIL I RECEIVE A SPECIFIC EMAIL, AND THEN I LOOK ONLY AT THE SUBMISSION BY THE STUDENT WHO SENT THE EMAIL. Finally, if an assignment does not follow the general rule because timeliness is of the essence, the instructions for the assignment will so indicate that tardy submissions are not accepted.

Sec. 2. Midterm Exam

The Midterm Exam will test your knowledge of the material covered by the lectures, readings, and homework assignments up to the date of the exam.
The exam is worth thirty (30) points.

Sec. 3. Final Exam

The Final Exam is comprehensive and, therefore, will test your knowledge of all of the material covered by the lectures, readings, and homework assignments.
The exam is worth thirty (30) points.

Sec. 4. How Your Grade for the Course Is Calculated

Your final grade for the course is simply the addition of points from the homework assignments and the exams.

I will not curve the course grades; therefore, you must earn at least seventy (70) points in order to pass the course.

Alternative grade procedure for exams: If you have a documented disability, such as a history of extreme test taking anxiety, please see me for accommodation.

Your point score will be converted to a letter grade using the following table:

Letter	Numeric Range
A	93.1 and up
A-	90 - 93
B+	86.1 - 89.99
B	83.1 - 86
B-	80 - 83
C+	76.1 - 79.99
C	73.1 -76
C-	70 - 73
D+	66.1 - 69.99
D	60 - 66
F	below 60

Approach

Lecture material will be prerecorded and uploaded to D2L for you to view. These materials will be discussed in class.

Policy on Working Together

Each student is expected to turn in original work for the assignments. Copying code or other documents from another person is considered a serious violation of the university's academic integrity policy (see below).

Topics

Week	Topics	Reading Assignment
1	Overview of CIA; access control lists; access control beyond ACL's	Ch. 1, Ch. 4
2	Cryptography; passwords; key encryption; TLS/SSL and HTTPS; IPSec; physical deployment of encryption; firewalls; Kerberos; Heartbleed bug; shell attacks	Ch. 3
3	Network mapping; DoS attacks; SQL Injection; XSS attacks; CSRF attacks; buffer overflow attacks; invalid pointers; malware; metasploit; threat modeling (Part I)
4	Threat modeling (Parts II and III)
5	Digital forensics
6	Midterm exam, available online; Social Engineering
7	Forensic investigations
8	Controls
9	System protections
10	Legal and ethical issues
Final Exam	Exam available online

Attendance

Attendance is encouraged for your benefit, but it is not mandatory.

Academic Integrity and Plagiarism

This course will be subject to the university's academic integrity policy. More information can be found at http://academicintegrity.depaul.edu/. NOTE: All students are expected to abide by the University’s Academic Integrity Policy which prohibits cheating and other misconduct in student coursework. Publicly sharing or posting online any prior or current materials from this course (including exam questions or answers), is considered to be providing unauthorized assistance prohibited by the policy. Both students who share/post and students who access or use such materials are considered to be cheating under the Policy and will be subject to sanctions for violations of Academic Integrity. If you have any questions be sure to consult with your professor.

Academic Policies

All students are required to manage their class schedules each term in accordance with the deadlines for enrolling and withdrawing as indicated in the University Academic Calendar. Information on enrollment, withdrawal, grading and incompletes can be found at: http://cdm.depaul.edu/enrollment.

Students with Disabilities

Students who feel they may need an accommodation based on the impact of a disability should contact the instructor privately to discuss their specific needs. All discussions will remain confidential. To ensure that you receive the most appropriate accommodation based on your needs, contact the instructor as early as possible in the quarter (preferably within the first week of class), and make sure that you have contacted the Center for Students with Disabilities (CSD) at: csd@depaul.edu.
Lewis Center 1420, 25 East Jackson Blvd.
Phone number: (312)362-8002
Fax: (312)362-6544
TTY: (773)325.7296

Online Course Evaluations

Evaluations are a way for students to provide valuable feedback regarding their instructor and the course. Detailed feedback will enable the instructor to continuously tailor teaching methods and course content to meet the learning goals of the course and the academic needs of the students. They are a requirement of the course and are key to continue to provide you with the highest quality of teaching. The evaluations are anonymous; the instructor and administration do not track who entered what responses. A program is used to check if the student completed the evaluations, but the evaluation is completely separate from the student’s identity. Since 100% participation is our goal, students are sent periodic reminders over three weeks. Students do not receive reminders once they complete the evaluation. Students complete the evaluation online in CampusConnect.

Changes to Syllabus

This syllabus is subject to change as necessary during the quarter. If a change occurs, it will be thoroughly addressed during class, posted under Announcements in D2L and sent via email.

School Policies

Policies of the school are explained on the webpage for this course on my.cdm.depaul.edu.